Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

Listing of Claims: 

Claim 1 (Currently amended): A method of administering registration of 
personal information in a data base in a manner tending to assure integrity of the 
personal information therein, the method comprising: 

a. obtaining, from each user with respect to whom data is to be placed in the 
data base, personal information of such user, the content of such personal 
information initially established by such user in an enrollment phase. 

b. also obtaining, from each such user, a first set of physiological identifiers 
associated with such user, the first set of physiological identifiers initially 
provided by such user in the enrollment phase; 

c. storing, in a digital storage medium, a data set pertinent to such user, the 
data set including such user's personal information and a representation of the 
physiological identifiers associated with such user; and 

d. permitting a subject claiming to be a specified user to modify the specified 
user's personal information in the stored data set pertinent to such user only if (i) 
the subject provides a new set of physiological identifiers and (ii) it is 
determined, by recourse to the stored data set, that there is a sufficient match 
between at least one member in the new set and a corresponding member of the 
first set, so that the subject is authenticated as the specified user, so that the data 
base i s administered under principles requiring that the specified user's personal 
information stored in the data set, provided by the specified user, is user 
modifiable only on authentication of the specified user there is established a 
repository of personal information using physiological identifiers to protect 
against unauthorized modification . 
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Claim 2 (Currently amended): A method according to claim 1, further 
comprising obtaining from such user such user's medical information, wherein 
the data set includes such user's medical information, and permitting a subject 
claiming to be a specified user to modify the specified user's medical information 
in the stored data set pertinent to such user only if (i) the subject provides a new 
set of physiological identifiers and (ii) it is determined, by recourse to the stored 
data set, that there is a sufficient match between at least one member in the new 
set and a corresponding member of the first set, so that the subject is 
authenticated as the specified user, so that the data base is administered under 
principle s requiring that the specified user's medical information stored in the 
data set, provided by the specified user, is user modifiable only on 
authentication of the specified user there is established a repository of medical 
information using physiological identifiers to protect against unauthorized 
modification . 

Claim 3 (Original): A method according to claim 1, wherein the first set includes 
a plurality of members. 

Claim 4 (Previously presented): A method according to claim 1, wherein the 
first set of physiological identifiers includes the appearance of such user's face. 

Claim 5 (Previously presented): A method according to claim 1, wherein the 
first set of physiological identifiers includes characteristics of utterances of such 
user. 

Claim 6 (Previously presented): A method according to claim 1, wherein the 
first set of physiological identifiers includes a fingerprint of such user. 
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Claim 7 (Previously presented): A method according to claim 1, wherein the 
first set of physiological identifiers includes the configuration of an iris in an eye 
of such user. 

Claim 8 (Previously presented): A method according to claim 1, wherein the 
first set includes at least one member selected from the group consisting of a 
fingerprint of such user and the configuration of an iris in an eye of such user 
and at least one member selected from the group consisting of characteristics of 
utterances of such user and the appearance of such user*s face. 

Claim 9 (Previously presented): A method according to any of claims 1 or 2, 
wherein, pursuant to step (d), the subject is permitted to modify the user's 
information in the stored data set only if the subject provides the new set of 
physiological identifiers under a condition permitting verification, independent 
of the physiological identifiers, that the new set is being provided by the person 
purporting to provide them. 

Claim 10 (Original): A method according to claim 9, wherein the condition 
includes the physical presence of the subject when providing the new set. 

Claim 11 (Original): A method according to claim 9, wherein the condition 
includes having the subject provide the new set when prompted to do so. 

Claim 12 (Original): A method according to claim 9, wherein the condition 
includes having the subject provide a non-physiological identifier. 

Claim 13 (Original): A method according to claim 12, wherein the non- 
physiological identifier is selected from the group consisting of a password and a 
pass card. 
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Claim 14 (Previously presented): A method according to claim 12, wherein the 
non-physiological identifier is provided in the course of a session, over a 
computer network, employing a user's public and private keys. 

Claim 15 (Previously presented): A method according to claim 1, further 
comprising: 

prompting each user, on a periodic basis, to update the user's personal 
information in the data set pertinent to such user. 

Claim 16 (Previously presented): A method according to claim 1, further 
comprising: 

obtaining a test set of physiological identifiers from a subject purporting 

to be a specific user; 

accessing information in the data set pertinent to the specific user; and 
determining if there is a sufficient match between at least one member in 

the test set and a corresponding physiological identifier represented in the data 

set. 

Claim 17 (Currently amended): A method for authenticating a user transaction, 
the method comprising: 

obtaining a test set of physiological identifiers from a subject purporting 
to be a specific user; 

accessing information in a first data set pertinent to the specific user 
stored in a registration data base, the data base containing information provided 
by multiple users in a separate data set for each user, each data set of a specific 
user including (i) personal information, of the specific user, that has been 
established by the specific user, and (ii) a representation of a first set of 
physiological identifiers, associated with the specific user, that has been 
provided by the specific user, the data base being maintained under conditions 
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wherein modification by a subject claiming to be a specific user of the specific 
user's personal information in a stored data set pertinent to the specific user is 
permitted only if (i) the subject provides a new set of physiological identifiers 
and (ii) it is determined, by recourse to the stored data set, that there is a 
sufficient match between at least one member in the new set and a corresponding 
member of the first set, so that the subject is authenticated as the specific user, so 
that the data base is administered under principles requiring that the specific 
user's personal information stored in the data set, provided by the specific user, 
is user modifiable only on authentication of the specific user there is established 
a repository of personal information using physiological identifiers to protect 
a gainst unauthorized modification; and 

determining if there is a sufficient match between at least one member in 
the test set and a corresponding physiological identifier represented in the data 
set. 

Claim 18 (Previously presented): A method according to claim 17, wherein: 
the database is accessible via a server at a first location; 
obtaining the test set of physiological identifiers is performed at a second 

location remote from the first location; 

determining if there is a sufficient match includes communicating with the 

server from the second location over a network. 

Claim 19 (Original): A method according to claim 18, wherein: 

obtaining the test set of physiological identifiers is performed under 
supervision of a merchant. 

Claim 20 (Original): A method according to claim 19, wherein: 

determining if there is a sufficient match is performed without revealing 
content of the first data set to the merchant. 
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Claim 21 (Previously presented): A method according to any of clairos 18, 19, or 
20, wherein the transaction is a change of address for an account. 

Claim 22 (Previously presented): A method according to any of claims 18, 19, or 
20, wherein the transaction is an application to open an account. 

Claim 23 (Original): A method according to claim 21, wherein the account 
authorizes the transfer of funds. 

Claim 24 (Original): A method according to claim 22, wherein the accoimt 
authorizes the transfer of funds. 

Claim 25 (Original): A method according to claim 21, wherein the account is 
based on the extension of credit to the accoimt holder. 

Claim 26 (Original): A method according to claim 22, wherein the account is 
based on the extension of credit to the account holder. 

Claim 27 (Original): A method according to claim 18, wherein the transaction is 
an application to a government agency for one of a license and a renewal of a 
license. 

Claim 28 (Original): A method according to claim 18, wherein the transaction is 
an application to a government agency for one of an identification token and a 
renewal of an identification token. 

Claim 29 (Currently amended): A computer system comprising: 
a digital storage medium on which has been recorded a multi-user personal 
information data base, the data base comprising, for each specific user, a data set 
pertinent to the specific user, the data set including: 



7 



(a) the specific user's personal information obtained from the specific 

user; 

(b) a representation of a first set of physiological identifiers associated 
with the specific user; and 

(c) the specific user's emergency information obtained from the 
specific user; and 

a computer process running in association with the storage medium to cause the 
storage medium to be maintained under conditions wherein modification by a 
subject claiming to be a specific user of such specific user's personal and 
emergency information in a stored data set pertinent to the specific user is 
permitted only if (i) the subject provides a new set of physiological identifiers 
and (ii) it is deternnined, by recourse to the stored data set, that there is a 
sufficient match between at least one member in the new set and a corresponding 
member of the first set, so that the subject is authenticated as the specific user, so 
that the data base is administered under principles requiring that the specific 
user's personal and emergency information stored in the data set, provided by 
the specific user, is user modifiable only on authentication of the specific user 
there is established a repository of personal information using physiological 
identifiers to protect against unauthorized modification . 

Claim 30 (Currently amended): A system for updating a personal information 
database containing a data set for each one of multiple users, each data set 
including a user's personal information and a representation of a first set of 
physiological identifiers associated with the user, the system comprising: 

a. a physiological identifier transducer having an output representing 
a physiological identifier associated with a subject claiming to be a specified user; 

b. a user access authorization module, coupled to the physiological 
identifier transducer and to the database, for deternruning whether the output of 
the physiological identifier transducer sufficiently matches the representation of 
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the first set of physiological identifiers, so that the subject is authenticated as the 
specified user; 

c. a user data set access module, coupled to the user access 
authorization module and to the database, for accessing the user data set 
pertinent to the specified user, in the event that the user access authorization 
module has authenticated the subject as the specified user; and 

d. a user data set update module, coupled to the database, to the user 
data set access module, and to a user input, permitting the subject to update the 
specified user's personal information in the corresponding data set in the 
database in the event that the user data set access module has provided access to 
the user data set, so that the database is administered imdcr principles requiring 
that the specified user's personal inforrriation stored in the data set, provided by 
the specified user, is user modifiable only on authentication of the specified user 
there is established a repository of personal information using physiological 
identifiers to protect against unauthorized modification . 

Claim 31 (Currently amended): A system for authenticating transactions, the 
system comprising: 

a. a multi-user personal information data base, the data base comprising, for 
each specific user, a data set pertinent to the specific user, the data set including: 

(i) personal information, of the specific user, that has been established by the 
specific user; 

(ii) a representation of a first set of physiological identifiers, associated with 
the specific user, that has been provided by the specific user; 

the data base being maintained under conditions wherein modification by a 
subject claiming to be a specific user of the specific user's personal information in 
a stored data set pertinent to the specific user is permitted only if (i) the subject 
provides a new set of physiological identifiers and (ii) it is determined, by 
recourse to the stored data set, that there is a sufficient match between at least 
one member in the new set and a corresponding member of the first set, so that 
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the subject is authenticated as the specific user, so that the data base is 
administered under principle s requiring that the specific user' s personal 
information stored in the data set, provided by the specific user, is user 
modifiable only on authentication of the specific user there is established a 
repository of personal information using physiological identifiers to protect 
against unauthorized modification; 

b. a multiplicity of remotely distributed terminals in communication with 
the data base, each terminal including a physiological identifier transducer and a 
communication link with a merchant; and 

c. an authenticity checker, which determines whether there is a sufficient 
match between the output of a physiological identifier transducer attributable to 
a subject purporting to be a user and a physiological identifier in the first set. 

Claim 32 (Original): A system according to claim 28, wherein the first set 
includes a plurality of members. 

Claim 33 (Original): A system according to claim 28, wherein the first set 
includes at least one member selected from the group consisting of a fingerprint 
of the user and the configuration of an iris in an eye of the user and at least one 
member selected from the group consisting of characteristics of utterances of the 
user and the appearance of the user's face. 

Claim 34 (Previously presented): A method according to claim 1, wherein 
obtaining personal information of such user includes obtaining data pertaining 
to one or more merchants. 

Claim 35 (Previously presented): A method according to claim 1, wherein any 
financial information that may be in the data set is not limited to that of a 
particular banking or financial institution. 
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Claim 36 (Currently amended); A method of administering personal 
information in a data base in a manner tending to assure integrity of data therein, 
the data base being of a type wherein a stored data set is established for each 
user and there has been obtained from each user with respect to such data a first 
set of physiological identifiers associated with such user and included in the data 
set, the method comprising: 

a. obtaining from a subject seeking to modify information in the stored 
data set pertinent to such user a new set of physiological identifiers, and 

b. permitting the subject to modify such user's personal information in 
the stored data set only if it is determined, by recourse to the stored data set, that 
there is a sufficient match between at least one member in the new set and a 
corresponding member of the first set, so that the subject is authenticated as such 
user, so that the data base is administered under principles requiring that such 
user's personal information stored in the data set, provided by such user, is user - 
modifiable only on authentication of s uch user there is established a repository of 
personal information using physiological identifiers to protect against 
imauthorized modification . 

Claim 37 (Previously presented): A method according to claim 36, wherein any 
financial information that may be in the stored data set is not limited to that of a 
particular banking or financial institution. 

Claim 38 (Previously presented): A method according to claim 36, wherein 
obtaining the new set of physiological identifiers and permitting the subject to 
modify the information in the stored data set are performed in a facility 
established for that purpose. 

Claim 39 (Currently amended): A method for authenticating a user transaction 
using a data base of a type wherein a stored data set is established for each 
potential user and there has been obtained from each potential user with respect 
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to such data a first set of physiological identifiers associated with such potential 
user and included in the data set, the n\ethod comprising: 

administering the data base in a manner such that personal information in 
a stored data set pertinent to an individual may not be modified by a person 
purporting to be the individual unless there has been obtained a sufficient match 
between at least one physiological identifier in the stored data set and a new 
physiological identifier obtained from the person, so that the data base is 
administered under principles requiring that the individual's personal 
information stored in the data set, provided by the individual, is modifiable by 
the individual only on authentication of the individual there is established a 
repository of personal information using physiological identifiers to protect 
a gainst unauthorized modification; 

obtaining a test set of physiological identifiers from a subject purporting 
to be a specific user; 

accessing information in the data set pertinent to the specific user in the 
data base; and 

determining if there is a sufficient match between at least one member in 
the test set and a corresponding physiological identifier represented in the data 
set. 

Claim 40 (Previously presented): A method according to claim 39, wherein ^ny 
financial information that may be in the stored data set is not limited to that of a 
particular bariking or financial institution. 

Claim 41 (Previously presented): A method according to any of claims 1, 17, 36 
or 39, further comprising: 

retaining a representation of at least one of the new set of physiological 
identifiers, if there is an insufficient match. 
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Claim 42 (Previously presented): A method according to claim 41, further 
comprising: 

providing access to the retained representation of the at least one of the 
new set of physiological identifiers by a law enforcement official. 

Claim 43 (Previously presented): A method according to any of claims 1 or 36, 
further comprising: 

permitting a third party of a specified kind to view but not modify the 
user's personal information in the stored data set without requiring such third 
party to provide a physiological identifier that sufficiently matches a 
corresponding member of the first set of physiological identifiers stored in the 
data set. 

Claim 44 (Previously presented): A method according to claim 43, wherein the 
specified kind is a merchant. 

Claim 45 (Previously presented): A method according to claim 2, further 
comprising: 

permitting a third party of a specified kind to view but not modify the 
user's medical information in the stored data set without requiring such third 
party to provide a physiological identifier that sufficiently matches a 
corresponding member of the first set of physiological identifiers stored in the 
data set. 

Claim 46 (Previously presented): A method according to claim 45, wherein the 
specified kind is a health care provider. 

Claim 47 (Previously presented): A method according to any of claims 1 or 2, 
further comprising: 
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providing, to each user, a token indicating that the user has provided 
infornnation to the data base. 

Claim 48 (Previously presented): A method according to claim 47, wherein the 
token comprises a card. 

Claim 49 (Previously presented): A method according to claim 47, wherein the 
token includes an identifier that, when presented to the data base by a third 
party, enables such third party to access but not modify the user's information in 
the data base. 

Claim 50 (Previously presented): A method according to claim 49, wherein the 
identifier comprises: 

a record number identifying the data set pertinent to such user. 
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